Michaela
British cybercriminal Danny Khan, also known online as Danish Zulfiqar, has reportedly been detained in Dubai, with authorities having allegedly seized $18.58 million in cryptocurrency after roughly 3,670 Ethereum (ETH) were transferred to a tracked wallet.
Key Points
- Danny Khan, a British hacker, is suspected to have been detained in Dubai with $18.58M in cryptocurrency.
- He is linked to a $243M Genesis hack and the Kroll SIM swap, both involving social engineering attacks.
- The stolen funds were moved across multiple crypto exchanges and converted between Bitcoin, Ethereum, Litecoin, and Monero.
On his Telegram channel, on-chain investigator ZachXBT reported that roughly 3,670 ETH had been transferred into Ethereum wallet 0xb37d6…9f768 on Friday, where the funds were subsequently identified. “Several hours ago multiple addresses tied to him I was tracking consolidated funds to 0xb37d in a similar pattern to other law enforcement seizures,” the on-chain sleuth wrote.
ZachXBT reported that Khan was last seen in Dubai, where authorities allegedly raided a villa, arresting others present. Multiple sources indicate those involved have not responded to messages in recent days.
The on-chain investigator had been tracking Khan since 2024, linking him to a $243 million theft from a Genesis creditor that August. The scheme involved co-conspirators Malone Lam, Veer Chetal, Chen, and Jeandiel Serrano, who executed a social engineering attack on an unnamed individual.
Related: Matt Hougan Says Strategy Isn’t at Risk of Forced Selling Bitcoin
Additionally, on August 19, 2024, the group impersonated Google and Gemini support, convincing the victim to reset two-factor authentication, transfer Gemini funds to wallets they controlled, and even share private Bitcoin keys via the remote desktop app AnyDesk. Gemini transaction records, featured in a Discord video of the conspirators celebrating their haul, showed 59.34 BTC and 14.88 Bitcoin (BTC) moved to addresses controlled by the group.
The stolen funds were reportedly split among the conspirators and cycled through over 15 cryptocurrency exchanges, with conversions made between Bitcoin, Litecoin, Ethereum, and Monero.
Related: Michael Saylor’s Bitcoin Strategy Backfires as 100+ Companies Tank
ZachXBT also linked Khan to the August 2023 Kroll SIM swap, which exposed personal data of BlockFi, Genesis, and FTX creditors and resulted in over $300 million in losses via social engineering. Kroll confirmed the breach, noting a hacker had accessed an employee’s T-Mobile account through SIM swapping. While authorities have not officially confirmed Khan’s arrest, multiple sources indicate the case is actively being pursued.
Frequently Asked Questions
MICHAELA
Michaela is a news writer focused on cryptocurrency and blockchain topics. She prioritizes rigorous research and accuracy to uncover interesting angles and ensure engaging reporting. A lifelong book lover, she applies her passion for reading to deeply explore the constantly evolving crypto world.
